<?php
if (!defined('IN_ZWS')) exit();

class PublicAction extends Action {
	function _initialize() {
		global $userInfo, $adminUid;
		// 检查是否已经登录以及登录状态
		if (isEmpty($_SESSION['uid']) || isEmpty($_SESSION['ltime'])) $this -> error("请先登录前台", '/u/login');
		$M = M('User');
		$userInfo = $M -> join('zws_user_info info ON info.uid = zws_user.id') -> where("zws_user.id=" . $_SESSION['uid']) -> find();
		$adminUid = explode(',', setting('admin_uid'));
		if (empty($userInfo) || empty($userInfo['username']) || $_SESSION['ltime'] < $userInfo['cptime']) {
			unset ($_SESSION ['uid'], $_SESSION ['username'], $_SESSION ['ltime']);
			session ('[destroy]');
			session ('[regenerate]');
			$this -> error("前台登录状态已失效，请重新登录", '/u/login');
		}
		if (isEmpty($_COOKIE['atk'])) $this -> error('您还未登录后台，请登录', U('auth/login'));
		if (!in_array($_SESSION['uid'], $adminUid)) {
			setcookie('atk', null);
			$this -> error("抱歉，您没有管理权限", __ROOT__ . '/i');
		}
		$authInfo = explode("\t", base64_decode(base64_decode($_COOKIE['atk'])));
		if ($_SESSION['altime'] < $userInfo['cptime'] || $authInfo[0] != $userInfo['username'] || TIMESTAMP > $authInfo[1] + 1800 || $authInfo[2] != $userInfo['cptime']) {
			unset($_SESSION['altime']);
			setcookie('atk', null);
			$this -> error('后台登录状态已失效，请重新登录', U('auth/login'));
		}
		setcookie('atk', base64_encode(base64_encode($userInfo['username'] . "\t" . TIMESTAMP . "\t" . $userInfo['cptime'])), TIMESTAMP + 1800, '/');
		$_SESSION['altime'] = TIMESTAMP;
		$this -> assign('userInfo', $userInfo);
		$this -> assign('siteName', setting('siteName'));
		$this -> assign('siteSubName', setting('siteSubName'));
	}
}
